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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E3 Responsive to communication(s) filed on 16 July 2003 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^3 Claim(s) 7-33 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-33 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) H The drawing(s) filed on 16 July 2003 is/are: a)[3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
. a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Art Unit: 2192 

Detailed Action 

1 . This action is in response to Application filed 07/1 6/03. 

2. Claims 1-33 have been examined. 

Information Disclosure Statement 

3. IDS filed 7/16/03, 6/24/04 and 1/27/05 have been considered. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 18,19 and 27, recites the limitation "the group" in line 1. There is 
insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 
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the claimed invention is directed to non-statutory subject matter. 

7. In claims 1-12, recites "processor-readable medium", and as described in 
Applicant's specification on page 14, lines 6 - 14, a processor-readable medium 
includes electromagnetic signals. Claims directed towards physical characteristics of a 
form of energy, such as frequency, voltage, or the strength of a magnetic field, define 
energy or magnetism per se are non-statutory natural phenomena. Moreover, a signal 
encoded with functional descriptive material does not fall within any of the categories of 
patentable subject matter set forth in Sec. 101 . 

8. Claims 25, 27 - 30, 32 and 33 recites a computer/server comprising software 
modules, i.e. per se. Computer programs claimed as computer listings per se, i.e., the 
descriptions or expressions of the programs, are not physical "things.". They are neither 
computer components nor statutory processes, as they are not "acts" being performed. 
Further such claimed computer programs do not define any structural and functional 
interrelationships between the computer program and other elements of the computer 
which permit the computers functionality to be realized. 

9. Claim 30, also does not achieve a tangible result. Claim 30 merely recites a 
database and a distribution module for distributing software, no physical transformation 
occurs as are result of distributing. 
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Claim Rejections - 35 USC § 102 

10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

11. Claims 1 - 18 and 20 - 33 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Donohue USPN 6,199,204 B1 . 

Regarding claim 1, Donohue anticipates a processor-readable medium 
comprising processor-executable instructions configured for: 

receiving a binary signature (8:45 - 50, shows downloading file which contains a 
digital signature, 10:50 - 65, also discloses that the code is machine readable code, i.e. 
binary code); 

receiving a security patch (4:23 - 27, see patch and downloaded); 

identifying a vulnerable binary file on a computer based on the binary signature 
(8:45 - 60, see retrieved file160 is analyzed 240 based on digital signature); and 

updating the vulnerable binary file on the computer with the security patch (7:60 
- 62 and 5:7 - 12, see modifying existing program and patch and see error correction 



Application/Control Number: 10/621,148 
Art Unit: 2192 



Page 5 



for vulnerable binary file). 

Regarding claim 2, a processor-readable medium as recited in claim 1, wherein 
the identifying a vulnerable binary file on a computer includes comparing a bit pattern of 
the binary signature against binary files located on the computer, the bit pattern 
associated with a security vulnerability (6:35 - 37, shows updater file is a binary file and 
8:50 - 9:7, shows comparisons between product identifier and release number of 
retrieved file). 

Regarding claim 3, a processor-readable medium as recited in claim 1, wherein 
the updating the vulnerable binary file on the computer includes installing the security 
patch on the computer (8:7 - 12, see modifying existing program and patch code). 

Regarding claim 4, a processor-readable medium as recited in claim 1, wherein 
the identifying a vulnerable binary file on a computer includes sending the binary 
signature to the computer (8:45 - 53, shows the digital signature is analyzed when file is 
retrieved). 

Regarding claim 5, a processor-readable medium as recited in claim 4, wherein 
the updating the vulnerable binary file on the computer includes: 

receiving a request from the computer to send the security patch (13:6 - 10); and 
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sending the security patch to the computer (6:6 - 10, see downloading from 
another computer). 

Regarding claim 6, a processor-readable medium as recited in claim 1, wherein 
the computer is a client computer and the receiving includes receiving the binary 
signature and the security patch from a distribution server configured to distribute to the 
client computer, binary signatures that identify vulnerable files and security patches 
configured to fix the vulnerable files (7:55 - 65, see server and patches and see 8:10 - 
15, for error correction). 

Regarding 7, a server comprising the processor-readable medium as recited in 
claim 1 , (7:55 - 65, see server). 

Regarding claim 8, Donohue anticipates a processor-readable medium 
comprising processor-executable instructions configured for: 

receiving a binary signature that identifies a security vulnerability in a binary file 
(8:45 - 50, shows downloading file which contains a digital signature, 10:50 - 65, also 
discloses that the code is machine readable code, i.e. binary code); 

receiving a security patch configured to fix the security vulnerability in the binary 
file (4:23 - 27, see patch and downloaded); and 

distributing the binary signature and the security patch to a plurality of servers 
(7:60 - 62 and 5:7 - 12, see modifying existing program and patch and see error 
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correction for vulnerable binary file, also see 7:55 - 65, server). 

Regarding claim 9, a processor-readable medium as recited in claim 8, wherein 
the distributing includes: 

sending a notice to each of the plurality of servers regarding the security 
vulnerability and the available patch (13:15-20); 

receiving a request to send the binary signature and the security patch (1 3:6 - 
10); and 

sending the binary signature and the security patch in response to the request 
(13:5 - 9, see complete update also see 6:6 - 10, see downloading from another 
computer). 

Regarding claim 1 0, a distribution server comprising the processor-readable 
medium as recited in claim 8 (7:55 - 65, see server). 

Regarding claim 1 1 , Donohue anticipates a processor-readable medium 
comprising processor-executable instructions configured for: 

receiving a binary signature from a server (8:45 - 53, shows the digital signature 
is analyzed when file is retrieved); 

searching for the binary signature in binary files (8:10 - 20 and 45 - 57); 

sending a request to the server for a security patch if a binary file is found that 
includes the binary signature (13:6 - 10); 



Application/Control Number: 1 0/621 ,148 Page 8 

Art Unit: 2192 

receiving the security patch from the server (4:23 - 27, see patch and 
downloaded); and 

updating the binary file with the security patch (7:60 - 62 and 5:7 - 12, see 
modifying existing program and patch and see error correction for vulnerable binary file, 
also see 7:55 - 65, server). 

Regarding claim 12, a client computer comprising the processor-readable 
medium as recited in claim 11, see reasoning above in claim 1 1 and for client see (8:18 
-20, local computer 10). 

Regarding claim 13, Donohue anticipates a method comprising: 

receiving a binary signature (8:45 - 50, shows downloading file which contains a 

digital signature, 10:50 - 65, also discloses that the code is machine readable code, i.e. 

binary code); 

searching for a vulnerable file based on the binary signature (8:45 - 57); 
if a vulnerable file is found, requesting a security patch (8:10 - 14); and 
fixing the vulnerable file with the security patch (8:10 - 20 and 45 - 57). 

Regarding claim 14, a method as recited in claim 13, wherein the requesting 
includes sending a request to a server for the security patch, the method further 
comprising receiving the security patch from the server in response to the request (7:60 
- 62 and 5:7 - 12, see modifying existing program and patch and see error correction 
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for vulnerable binary file, also see 7:55 - 65, server). 

Regarding claim 15, a method as recited in claim 14, wherein the receiving 
includes receiving the binary signature from the server (8:55 - 57, shows a number of 
remote server systems (50,50') which can be utilized, also see 8:45 - 60). 

Regarding claim 16, a method as recited in claim 13, wherein the fixing includes 
installing the security patch on a computer (7:43 - 45, shows the installation process). 

Regarding claim 17, a method as recited in claim 13, wherein the searching 
includes comparing the binary signature to binary information on a storage medium of a 
computer (6:35 - 37, shows updater file is a binary file and 8:50 - 9:7, shows 
comparisons between product identifier and release number of retrieved file also see 
6:7-10 for storage medium). 

Regarding claim 18 and 27, a method/computer as recited in claim 17, wherein 
the binary information is selected from the group comprising: 

an operating system (6:7 - 10, shows a local computer system, hence an OS is 
inherent); 

an application program file (3:60 - 63, see installed computer programs); 
and a data file (3:60 - 63, see software update). 
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Regarding claim 20, which recites similarly to claim 13, see rationale as 
previously address above. 

Regarding claim 21, a method as recited in claim 20, wherein the searching 
includes transferring the binary signature to the client computer, the client computer 
configured to search for a vulnerable file associated with the binary signature (8:45 - 
60, FIG. 1, shows a local system 10/client). 

Regarding claim 22, a method as recited in claim 21 , wherein the fixing includes: 
receiving a request from the client computer to transfer the security patch, the 

client computer having located a vulnerable file (1 3:6 - 1 0); and 

transferring the security patch to the client computer in response to the request 

(4:23 - 27, see patch and downloaded). 

Regarding claim 23, the computer version of claim 1 1 , see rationale as 
previously addressed above. 

Regarding claim 24, the server version of claim 1 1 , see rationale as previously 
addressed above. 
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Regarding claim 25, the computer version of claim 13, see rationale as 
previously addressed above. 

Regarding claim 26, a computer as recited in claim 25, further comprising a 
storage medium configured to retain the binary information (6:7 - 9, see CD). 

Regarding claim 28, the computer version of claim 1 , see rationale as previously 
addressed above. 

Regarding claim 29, the computer version of claim 6, see rationale as previously 
addressed above. 

Regarding claim 30, Donohue anticipates a distribution server comprising: 

a database (FIG.1 , 40 and all associated text); and 

a distribution module configured to receive a binary signature and a security 
patch, store the binary signature and the security patch in the database, and distribute 
the binary signature and the security patch to a plurality of servers (8:45 - 60, see 
retrieved file160 is analyzed 240 based on digital signature also see 7:60 - 62 and 5:7 - 
12, see modifying existing program and patch and see error correction for vulnerable 
binary file, also see 7:55 - 65, server). 
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Regarding claim 31, a distribution server as, recited in claim 30, wherein the 
distribution module is further configured to receive a request from a server for the binary 
signature and the security patch and to distribute the binary signature and the security 
patch to the server in response to the request (8:45 - 60, see retrieved file160 is 
analyzed 240 based on digital signature). 

Regarding claim 32, the server version of claim 1 1 , see rationale as previously 
addressed above. 

Regarding claim 33, a server as recited in claim 32, further comprising: 

a database (FIG.1, 40 and all associated text); and 

the scan module further configured to receive the binary signature and the 
security patch from a distribution server and to store the binary signature and the 
security patch in the database (8:45 - 60, see analyzed 240 and digital signature). 

Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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1 3. Claim 1 9 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Donohue USPN 6,199,204 as applied in claim 17 in view of Gabel 5,930,504. 

Regarding claim 19, Donohue discloses all the claimed limitations as applied in 
claim 17 above including: 

A hard disk (6:1 - 10, see system memory), a magnetic floppy disk (6:1 - 10, see 
diskette), an optical disk (6:7 - 10, see CD) and a 
network-attached storage (6:1 8 - 20, see repository). 

Donohue doesn't expressly disclose a flash memory card and an electrically 
erasable programmable read-only memory. However Gabel in an analogous art and 
similar configuration of updating/patching software discloses the use of electrically 
erasable programmable read only memory (flash EEPROM) and states that use of 
"flash memory permits non-invasive updating procedures so that the nonvolatile 
memory can be updated from an update file" (1 :60 - 65). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to combine 
Donohue and Gabel because, it would enable updating from an update file. 
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14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chuck Kendall whose telephone number is 571-272- 
3698. The examiner can normally be reached on 10:00 am - 6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tuan Dam can be reached on 571-272-3695. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Ck. 





